The APT package manager used by Proxmox VE and Proxmox Mail Gateway was recently discovered to be affected by CVE-2019-3462, allowing a Man-In-The-Middle or malicious mirror server to execute arbitrary code
with root privileges when affected systems attempt to install upgrades.
To securely upgrade your systems, run the following commands as root:
and verify that apt is now at least version 1.4.9 on Debian Stretch:
Please see the Debian Security Advisory DSA-4371 for details.
with root privileges when affected systems attempt to install upgrades.
To securely upgrade your systems, run the following commands as root:
Code:
# apt -o Acquire::http::AllowRedirect=false update
# apt -o Acquire::http::AllowRedirect=false full-upgradeand verify that apt is now at least version 1.4.9 on Debian Stretch:
Code:
$ apt -v
apt 1.4.9 (amd64)Please see the Debian Security Advisory DSA-4371 for details.
